I just wanted to post this because I saw some sites incorrectly stating that you need to install the epel repo, you don't.
Here is how to install the Google 2 factor application for pam
To enable ssh 2 factor:
Make sure that challenge response is listed as YES in your SSHD config
Login as the user you want to protect and run:
nswer the questions as appropriate.
TADA! If this worked for you, feel free to let others know below.
*If you get a loop of asking for your password and verification code, you need to modify SELINUX to allow or disable it.